GreyNoise’s internet background noise and RIOT (common business services) datasets help analysts minimize resources wasted on investigations into irrelevant events. This data can be integrated with a SIEM to quickly enrich events, a SOAR to automate workflows and incident response, or a TIP as an investigation resource. Events associated with IPs in GreyNoise noise dataset can be deprioritized as they are likely associated with opportunistic internet scan and attack traffic, not targeted reconnaissance. IPs in the RIOT dataset are associated with common benign services such as business applications, update services, or public DNS and are very unlikely to pose a threat.
Scenario 1: SIEM Integration
GreyNoise is integrated into a SIEM application and external IPv4 addresses are automatically looked up to determine if GreyNoise has observed noise from the IP. This information is appended to the log so it can be presented to other tools and analysts.
Scenario 2: SOAR Integration
GreyNoise is integrated into a SOAR application. All incidents from the perimeter are queried against GreyNoise and, based on defined rules, incident severity is adjusted.
Scenario 3: TIP Integration
GreyNoise is integrated into a TIP application. All incidents from the perimeter are queried against GreyNoise and, based on defined rules, incident severity is adjusted.
Updated almost 2 years ago